To configure the project for RPM package signing, add the following to your conf/local.conf configuration file:
INHERIT += "sign_rpm"
For IPK package signing, do the following instead:
INHERIT += "sign_ipk"
You will then need to define the name of the GPG key to use for signing, and its passphrase:
RPM_GPG_NAME = "<key ID>" RPM_GPG_PASSPHRASE = "<key passphrase>"
Or for the IPK package format:
IPK_GPG_NAME = "<key ID>" IPK_GPG_PASSPHRASE_FILE = "<path/to/passphrase/file>"
See the Creating a GNUPG key pair next section in this same recipe to find the generated key ID.
The Yocto build system will locate the private GPG key in the host and use it to sign the generated packages.
The Yocto 2.4 release supports signing RPM and IPK packages, but not DEB packages.